Prateek -
Thanks for drafting this document. Comments are enclosed in the document and
attached. For those who prefer reading it in the email body, basically, I am
suggesting the following. This is based on our direct experience during the
Interop event in July.
In Section 2.2, I suggest that we add an optional element called PassThrough
(the element name is not important per se’). This element would specify the
name of an HTTP parameter. Its purpose would be to name the parameter whose
value the source site guarantees to preserve and pass to the destination
site upon redirection. This would be specified as optional for both POST and
Artifact profiles.
Thanks,
Jahan
----------------
Jahan Moreh
Chief Security Architect
310.286.3070
-----Original Message-----
From: Mishra, Prateek [mailto:pmishra@netegrity.com]
Sent: Tuesday, November 12, 2002 9:00 AM
To: 'security-services@lists.oasis-open.org'
Subject: [security-services] draft-sstc-meta-data-00.doc
Colleagues,
Attached is a first draft enumerating the metadata required for the Web
Browser Profiles. It is based on the SAML Catalyst InterOp experience and
related Liberty Alliance meta-data. It lacks schema and the language is
still informal.
Questions ---
Does it capture all the required metadata for implementing BOTH web browser
profiles?
Are the types of different elements appropriate?
Comments are invited.
- prateek